Web-Based Directory Service Management With the DSCC

The primary interface for DSEE is the Directory Service Control Center (DSCC).
The DSCC enables you to perform almost all administrative tasks.

When you initiate an action through the DSCC, the operation
is passed to the appropriate console agents or through LDAP. The console
agents run the corresponding Directory Server or Directory Proxy Server command
to perform the administrative action.

Diverse Views to Simplify Service Management

The DSCC provides various data views to help you manage your
services most effectively. For example, the DSCC provides a topology
view, where you can see all of the servers involved in a replication topology
and the relationship between them. The following figure demonstrates the topology
view of a simple two-master, two-consumer replication topology.

The arrows show the direction in which information is propagated. The
servers are listed hierarchically, with the master servers appearing at the
top and the read-only consumer replicas appearing at the bottom. If hub servers
were used, they would be displayed in the middle. The DSCC allows
you to modify the view by applying filters so that you can display only a
particular suffix.

The DSCC provides tools for viewing the replication status
of suffixes. This view summarizes for each server the number of changes currently
missing and the age of the latest change that needs to be applied, as illustrated
in the following figure.

You can also use the DSCC to view the Directory Server and Directory Proxy Server logs,
which show the timestamp, log level, messages, and message sort. You can modify
the log view to show only entries that contain a string you specify.

Configuration and Suffix Cloning

A production environment usually includes multiple instances for redundancy
and load balancing. In most cases, each of these servers has the same configuration.
The DSCC simplifies service management by allowing you to install
an instance of the server once and to copy that server's configuration and
replication configuration to another instance.

The DSCC enables you to clone an instance or suffix configuration
by selecting an existing instance and then cloning either the instance or
the suffix configuration to other directory instances.

For example, to simplify the deployment of your replicated topology,
you can create a master replication configuration and then propagate it to
the other masters in your topology. You can also choose to clone only parts
of the configuration, such as the indexes.

The following figure illustrates how you can copy configuration settings
from one Directory Server to other servers by using the Copy Directory
Server Configuration wizard.

The DSCC provides similar wizards for copying suffix configuration
or cloning a Directory Proxy Server configuration.

Advanced Command-Line Interface

The DSEE CLI is designed to reduce all administrative tasks
to a few commands. The look, feel, and use of these commands is similar across
the DSEE administrative framework. For example, administrative tasks
for Directory Server and Directory Proxy Server are performed with the dsadm and dpadm commands, respectively. The usage
and syntax of these two commands is similar.

The command-line tools wrap much of the complexity of LDIF-based configuration,
enabling you to write more succinct, readable scripts.

Overview of the Commands

The DSEE includes the following tools to facilitate command-line
management of the server:

dsadm – Handles local Directory Server instance files,
creating instances and managing the server process running on the local host.

On a Solaris package installation, these commands are located in /opt/SUNWdsee7/bin by default.

Some administrative operations, such as starting and stopping a server
instance, require a local agent. For the command line, the local agent is
the command itself. The dsadm and dpadm commands
run locally because they require the server to be offline or they require
specific system rights. For example, if you use the dsadm command
to change a certificate, the server can be running but the operation needs
to be executed by a privileged user.

You can use the DSEE CLI to administer and configure your
directory remotely. You can run the dsconf and dpconf commands remotely to create suffixes, server instances, and indexes.
These commands use LDAP authentication, so you do not need a local user on
your machine, although the server instance itself must be running.

Simplified Installation and Migration

DSEE includes several features that improve the way in which
the component products can be installed.

Automated Installation From the Command
Line

DSEE provides flexible commands for each step of the installation
process so that you can write custom scripts to install and minimally configure
a DSEE instance. You can then use your scripts to standardize your
deployment so that each server is automatically configured the same.

Non-Root Installation

Directory Server allows you to install the DSEE components
as a non-root user. This non-root installation is possible with the zip distribution.
You can also install the Directory Service Control Center as a non-root user using the WAR file.

Operating system-specific packaging formats, such as SVR4 for
Solaris, requires installation as a privileged user.

User-Specified Installation Path

Both the zip distribution and native packages provide the ability to
install DSEE components into a user-specified installation directory.

Multiple Separate Installations

With the zip distribution, you can install multiple distinct installations
of the component products within a single operating system instance. You can
even install the zip distribution on a system with an existing directory server
packaging installation. The following constraints apply when installing multiple
installations on a single system:

Each instance must be configured so that the total resources
(RAM, CPU, and disk) that are consumed by the sum of all instances on the
server do not exceed the available resources.

Each installation must have its own distinct installation
path.

Each installation must have its own agent port.

With the introduction of Solaris 10 zones, you can also install different
versions and installations of the package version of DSEE. In this
case, each installation must be contained within its own unique Solaris 10
whole root zone.

Online Configuration Changes

Directory Server allows you to change the configuration of the following
while the server is running:

Suffixes. After Directory Server has
been installed and brought online, you can continue to add new suffixes dynamically
while the server keeps running.

Indexes. After you have
defined the suffixes, you can add new indexes to accelerate search performance.
You can customize your index according to function, such as indexes that list
entries that have a particular attribute, that approximate a particular attribute,
that contain a substring, or that match a particular locale. Indexes can be
updated dynamically without interrupting the normal functions of the directory
server itself.

Schema.You can change the
directory schema dynamically. If the schema needs to be extended to meet the
needs of an application, you can add new object classes and attributes while
the server is running, without affecting operations.

Replication topology. You
can set up and modify the replication topology while the server is running.

Availability Across Your Entire Network

Directory Server can be configured to listen on multiple specific
IP addresses. This feature allows Directory Server to be available simultaneously
on several networks, including intranets and secure or restricted networks,
such as demilitarized zones (DMZs).

Where to Go From Here

To read more about the features presented in this chapter, refer to
the following documentation.